Slashdot Mirror

← Back to Stories (view on slashdot.org)

First OpenOffice Virus, Not In the Wild

Posted by kdawson on from the raucous-laughter-in-Redmond dept.

NZheretic writes "According to APCmag, the first cross-platform OpenOffice.org virus — 'SB/Badbunny-A' — was emailed directly to Sophos from the virus developers. The proof-of-concept virus affects Windows, Mac OS X, and Linux systems and uses different methods on each. It has not yet been seen in the wild. Despite Sun's OpenOffice.org developer Malte Timmermann's claims to the contrary, this kind of embedded scripting attack represents a real threat to OpenOffice.org users. Back in June 2000 when Sun first announced the open sourcing of OpenOffice.org, the twelfth email to the open discussion list put forward a two-part solution for providing OpenOffice users with Safe(r) Scripting using restricted-mode execution by default and access by signed digital certificates. In October 2000 the issue of treating security as an 'add-on' feature rather than as a 'system property' was again raised. Is it time to now introduce such measures to the OpenOffice.org Core to greatly reduce any future risk from scripted infections?"

3 of 169 comments (clear)

  1. OO already does that. by twitter · · Score: 0, Troll

    Is to stop enabling scripting by default in software that has no real need of scripting. Hasn't even Microsoft learnt this by now?

    OO's default is to not run macros. The user get's a warning and has to say "yes" to the thing. This is the best that can be done and still be "compatible" with M$ Office.

    A much better solution is to simply use free software, where all of the functionality is provided by best of class applications rather than back of the envelope macro functions. There are programs to do just about everything now.

    If you need to make scripts, Gnumeric is a good example. It can use perl scripts but they are not something that goes with the sheet itself. Debian and other distributions provide the best of them for histograms and other analysis. Users can write and distribute more, if they must, but it's not something that is going to spring out of email and eat your system. Neither will the OO scripts, but default.

    --

    Friends don't help friends install M$ junk.

  2. Ding! by twitter · · Score: 0, Troll

    You found 215 of Ballmer's 238 patents. Now, I'm afraid you will be executed by a chair flying squad.

    Good thing OO's default behavior is to display a warning that won't run the macro when you push "OK".

    --

    Friends don't help friends install M$ junk.

  3. Re:saving Grandma from Linux .. by toadlife · · Score: 0, Troll

    root is not required to turn Linux (or Windows or OSX) into a Spam/DDoS bot, so I think Grandma can do plenty of damage without it.

    --
    I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.